Creation of principal without password
j.kemp at imperial.ac.uk
Thu Aug 17 06:22:09 EDT 2006
> Is it possible to create a principal without password in kerberos? Thank
You can create a principal with a random key (password) by using the
-randkey option (i.e. in kadmin, 'addprinc -randkey user'). You can
then extract this to a keytab, and use the keytab to authorise the user.
Note also that if you create a principal & set the password, then
extract this principal to a keytab using 'ktadd', the key is randomised
in the process (so your previous password will no longer work).
I think (not sure!) you *can* also set an empty password, if your
policies are appropriate, but that would be somewhat insecure!
The manpage for kadmin is helpful.
+ Ms Juliet Kemp +
+ Computer Manager star at imperial.ac.uk +
+ Astrophysics Group +
+ Imperial College Tel: +44 (0)20759 47538 +
+ London. SW7 2AZ Fax: +44 (0)20759 47541 +
More information about the Kerberos